More results...
Desired Effect provides an ethical vulnerability exchange marketplace to help defenders get ahead of attackers.
The post Ethical Zero Day Marketplace Desired Effect Emerges From Stealth appeared first on SecurityWeek.
Security researchers have linked the notorious RedGolf hacking group to a wave of exploits targeting Fortinet firewall zero-days and the deployment of custom cyber attack tools. The exposure of a misconfigured server tied to the KeyPlug malware—a hallm…
A Russian state-linked hacking group is ramping up its cyberattacks against diplomatic targets across Europe, using a new stealthy malware tool known as “GrapeLoader” to deliver malicious payloads through cleverly disguised phishing emails. According to Check Point Research, the campaign began in January 2025 and is being carried out by APT29 — also known as […]
The post Russian Hackers Target European Diplomats with ‘Wine-Tasting’ Phishing Scams appeared first on eSecurity Planet.
Apple has urgently rolled out iOS 18.4.1 and iPadOS 18.4.1 to patch two zero-day vulnerabilities that were actively exploited in “extremely sophisticated” attacks aimed at specific iOS users. The flaws, found in the CoreAudio and RPAC components, posed…
The vulnerabilities are described as code execution and mitigation bypass issues that affect Apple’s iOS, iPadOS and macOS platforms.
The post Apple Quashes Two Zero-Days With iOS, MacOS Patches appeared first on SecurityWeek.
Hertz Corporation disclosed a data breach after customer data was stolen via Cleo zero-day exploits in late 2024, affecting Hertz, Thrifty, and Dollar brands. Car rental giant Hertz Corporation disclosed a data breach that impacted its Hertz, Thrifty, and Dollar brands. Threat actors gained access to customer data via Cleo zero-day exploits in late 2024. […]
Semiconductor companies, pivotal in the tech industry for their role in producing components integral to everything from consumer electronics to critical defense systems, are under siege from sophisticated cyber threats. These firms design, manufacture…
Microsoft has uncovered a sophisticated ransomware campaign exploiting a zero-day vulnerability in the Windows Common Log File System (CLFS), tracked as CVE-2025-29824. The vulnerability allows attackers to escalate privileges from a standard user acco…
Patch Tuesday: Microsoft ships urgent cover for another WIndows CLFS vulnerability already exploited in the wild.
The post Microsoft Patches 125 Windows Vulns, Including Exploited CLFS Zero-Day appeared first on SecurityWeek.
Google addressed 62 vulnerabilities with the release of Android ‘s April 2025 security update, including two actively exploited zero-days. Google released Android ‘s April 2025 security updates to address 62 vulnerabilities, including two zero-day vulnerabilities (CVE-2024-53197, CVE-2024-53150) exploited in targeted attacks. The vulnerability CVE-2024-53197 is a Linux kernel issue affecting ALSA USB audio. Malicious devices […]